CN112446701A - Identity authentication method, equipment and storage device based on block chain - Google Patents


Publication number
CN112446701A
Authority
CN
China
Prior art keywords
authentication
certification
applicant
identity
statement
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201910828248.XA
Other languages
Chinese (zh)
Other versions
CN112446701B (en
Inventor
卢端欣
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Vechain Global Technology Sarl
Original Assignee
Vechain Global Technology Sarl
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Vechain Global Technology Sarl
Priority to CN201910828248.XA
Publication of CN112446701A
Application granted
Publication of CN112446701B
Legal status: Active
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00 Payment architectures, schemes or protocols
    • G06Q20/38 Payment protocols; Details thereof
    • G06Q20/382 Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3829 Payment protocols; Details thereof insuring higher security of transaction involving key management

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Computer Security & Cryptography (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The invention discloses an identity authentication method, equipment and a storage device based on a block chain. The method comprises the following steps: the authentication applicant sends the identity information to be authenticated to the certification authority, so that the certification authority generates an original authentication statement after the identity information to be authenticated passes verification; and the authentication applicant receives a complete authentication statement sent by the certification authority. The complete authentication statement is formed as follows: the certification authority applies a hash algorithm to the original authentication statement carrying the certification authority's signature and the authentication applicant's signature to obtain an original hash value of that signed statement, and attaches the original hash value to the signed statement. The original hash value is used for putting on chain. In this way, the invention ensures that the user has an identity on the block chain that can be authenticated.

Description

Identity authentication method, equipment and storage device based on block chain
Technical Field
The present invention relates to the field of information security, and in particular, to an identity authentication method, device, and storage apparatus based on a block chain.
Background
A block chain is a special data structure formed by linking data blocks into a chain in chronological order; it is a decentralized shared general ledger that uses cryptography to ensure that data cannot be tampered with or forged, so that simple, sequentially related and verifiable data can be stored securely. Block chain technology uses an encrypted chained block structure to verify and store data, and uses a distributed node consensus algorithm to generate and update data.
At present, addresses or accounts on the block chain cannot be linked to real entities, so a degree of anonymity exists. As a result, supervision, anti-money laundering, KYC (know your customer) and similar checks on on-chain assets cannot be carried out directly on the chain and can only be carried out off-chain. Supervision is also passive: once an illegal transaction is involved, a supervisory organization can only trace it back afterwards and cannot intervene in the transaction.
Disclosure of Invention
The invention mainly solves the technical problem of providing an identity authentication method, equipment and a storage device based on a block chain, which can ensure that a user has an identity which can be authenticated on the block chain.
In order to solve the above technical problem, one technical solution adopted by the present invention is to provide an identity authentication method based on a block chain, where the method includes: the authentication applicant sends the identity information to be authenticated to the certification authority, so that the certification authority generates an original authentication statement after the identity information to be authenticated passes verification; and the authentication applicant receives a complete authentication statement sent by the certification authority. The complete authentication statement comprises the certification authority's signature on the original authentication statement, made with a first private key of the identity information VeDID of the certification authority, and the authentication applicant's signature on the original authentication statement, made with a second private key of the identity information VeDID of the authentication applicant. The complete authentication statement is formed by the certification authority applying a hash algorithm to the original authentication statement carrying both signatures to obtain an original hash value of that signed statement, and attaching the original hash value to the signed statement; the original hash value is used for putting on chain.
In order to solve the above technical problem, another technical solution adopted by the present invention is to provide an identity authentication method based on a block chain, where the method includes: the certification authority receives the identity information to be authenticated sent by the authentication applicant, and generates an original authentication statement after the identity information to be authenticated passes verification; the certification authority sends a complete authentication statement to the authentication applicant, wherein the complete authentication statement comprises the certification authority's signature on the original authentication statement, made with a first private key of the identity information VeDID of the certification authority, and the authentication applicant's signature on the original authentication statement, made with a second private key of the identity information VeDID of the authentication applicant, and is formed by the certification authority applying a hash algorithm to the original authentication statement carrying both signatures to obtain an original hash value of that signed statement, and attaching the original hash value to the signed statement; and the certification authority stores contract information of the complete authentication statement in a database of the block chain, wherein the contract information comprises the original hash value, the identity information VeDID of the certification authority and the identity information VeDID of the authentication applicant.
In order to solve the above technical problem, another technical solution adopted by the present invention is to provide an identity authentication device based on a blockchain, including a memory and a processor coupled to each other; the memory stores program data; the processor is configured to execute the program data stored in the memory to implement the method of any one of the above.
In order to solve the above technical problem, another technical solution of the present invention is to provide a storage device, which stores program data capable of being executed by a processor, the program data being used for implementing any one of the above methods.
The beneficial effects of the invention are as follows. Different from the prior art, the authentication applicant of the present application first sends the identity information to be authenticated to the certification authority, so that the certification authority generates an original authentication statement after the identity information to be authenticated passes verification, and then receives a complete authentication statement sent by the certification authority. The complete authentication statement comprises the certification authority's signature on the original authentication statement, made with a first private key of the identity information VeDID of the certification authority, and the authentication applicant's signature on the original authentication statement, made with a second private key of the identity information VeDID of the authentication applicant. It is formed by the certification authority applying a hash algorithm to the original authentication statement carrying both signatures to obtain an original hash value of that signed statement, and the original hash value is used for putting on chain.
In this way, the identity information to be authenticated of the authentication applicant is verified by the certification authority, and the original authentication statement is generated after verification passes. The certification authority and the authentication applicant each sign the authentication statement with the private key of their own identity information VeDID. The original hash value of the original authentication statement carrying both signatures is obtained and used for putting on chain, and the original hash value is attached to that signed statement to form the complete authentication statement, so that the authentication applicant has an authenticated identity on the block chain. Because the final complete authentication statement has the original hash value attached, the reliability of a complete authentication statement that the authentication applicant later presents can be judged. This provides technical support for a regulatory agency or other organization using block chains to quickly verify the identity of a certain account or address on the block chain, and provides more possibilities for developers and business scenarios.
Drawings
FIG. 1 is a schematic flowchart of a first embodiment of an identity authentication method based on a block chain according to the present invention;
FIG. 2 is a schematic flowchart of a second embodiment of an identity authentication method based on a block chain according to the present invention;
FIG. 3 is a detailed flowchart of step S207 in FIG. 2;
FIG. 4 is a detailed flowchart of step S301 in FIG. 3;
FIG. 5 is a timing diagram of an information requester verifying the identity of the authentication applicant in an application scenario of the identity authentication method based on a block chain according to the present invention;
FIG. 6 is a schematic flowchart of a third embodiment of an identity authentication method based on a block chain according to the present invention;
FIG. 7 is a schematic flowchart of a fourth embodiment of an identity authentication method based on a block chain according to the present invention;
FIG. 8 is a timing diagram of the authentication applicant deregistering its authenticated identity in an application scenario of the identity authentication method based on a block chain according to the present invention;
FIG. 9 is a schematic flowchart of a fifth embodiment of an identity authentication method based on a block chain according to the present invention;
FIG. 10 is a schematic flowchart of a sixth embodiment of an identity authentication method based on a block chain according to the present invention;
FIG. 11 is a timing diagram of the certification authority authenticating the identity of the authentication applicant in an application scenario of the identity authentication method based on a block chain according to the present invention;
FIG. 12 is a schematic flowchart of a seventh embodiment of an identity authentication method based on a block chain according to the present invention;
FIG. 13 is a timing diagram of the certification authority deregistering the authenticated identity of the authentication applicant in an application scenario of the identity authentication method based on a block chain according to the present invention;
FIG. 14 is a schematic flowchart of an eighth embodiment of an identity authentication method based on a block chain according to the present invention;
FIG. 15 is a schematic structural diagram of an embodiment of an identity authentication device based on a block chain according to the present invention;
FIG. 16 is a schematic structural diagram of an embodiment of a storage device according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, are within the scope of the present invention.
Referring to fig. 1, fig. 1 is a flowchart illustrating an identity authentication method based on a block chain according to a first embodiment of the present invention. The identity authentication method based on the block chain in the embodiment comprises the following steps:
S101: The authentication applicant sends the identity information to be authenticated to the certification authority, so that the certification authority generates an original authentication statement after the identity information to be authenticated passes verification.
A block chain network is a multi-node network built with block chain technology; it includes a plurality of nodes that run the technology and participate in the same block chain. In the present application, both the authentication applicant and the certification authority may be nodes in the block chain network. The authentication applicant is the party requiring identity authentication, generally an individual user or an enterprise user; the certification authority is the party providing identity authentication, namely a third-party certification body qualified to authenticate. In this embodiment, in order to have an authenticated identity on the block chain, the authentication applicant sends identity information to be authenticated to the certification authority. The identity information to be authenticated is information that can be used to prove the identity of the authentication applicant, such as identity card information, passport information or work certification information of an individual user, or business license information, corporate certificate information, organization code information, tax registration information and the like of an enterprise.
After receiving the identity information to be authenticated sent by the authentication applicant, the certification authority, which is qualified to authenticate, needs to verify it. If the identity information passes verification, the information submitted by the authentication applicant is able to prove its identity, so the certification authority can generate an original authentication statement. If it does not pass verification, the submitted information is incomplete or false; in that case the certification authority does not provide the original authentication statement, that is, the identity of the authentication applicant cannot be authenticated.
S102: The authentication applicant receives a complete authentication statement sent by the certification authority. The complete authentication statement comprises the certification authority's signature on the original authentication statement, made with a first private key of the identity information VeDID of the certification authority, and the authentication applicant's signature on the original authentication statement, made with a second private key of the identity information VeDID of the authentication applicant. It is formed by the certification authority applying a hash algorithm to the original authentication statement carrying both signatures to obtain an original hash value of that signed statement, and the original hash value is used for putting on chain.
After the certification authority has verified the identity information provided by the authentication applicant and generated an original authentication statement, the statement needs to be signed in order to be authentic. The signing has two parts. First, the certification authority signs the original authentication statement to prove that the identity of the authentication applicant has passed its certification. Second, the authentication applicant signs the original authentication statement to prove that the statement is the identity authentication it applied for, which prevents others from falsely using the identity of the authentication applicant. In the block chain network of the present application, both the authentication applicant and the certification authority have unique identity information VeDID, which represents their decentralized identities. The basic standard of the identity information VeDID follows the Decentralized Identifiers (DIDs) specification published by the W3C (World Wide Web Consortium). A VeDID consists of two parts, in the format "did:ved:<user-id>". The first part, "did:ved:", is a fixed prefix indicating that the VeDID follows the DIDs specification issued by the W3C; the second part is a user-id (user name) specified by the user or generated randomly. The two parts together form the complete VeDID, which is unique throughout the entire ecosystem of the block chain and may not be repeated.
It can be understood that the original authentication statement carries the certification authority's signature after being signed with the first private key of the identity information VeDID of the certification authority, and carries the authentication applicant's signature after being signed with the second private key of the identity information VeDID of the authentication applicant. Putting the original authentication statement with both signatures directly on chain would publish on the block chain some information in the statement that is not suitable for disclosure. To avoid this, the certification authority applies a hash algorithm to the original authentication statement carrying both signatures to obtain an original hash value of that signed statement, and attaches the original hash value to it. The signed statement with the original hash value attached forms the complete authentication statement.
The complete authentication statement therefore comprises the certification authority's signature on the original authentication statement, made with the first private key of the identity information VeDID of the certification authority; the authentication applicant's signature on the original authentication statement, made with the second private key of the identity information VeDID of the authentication applicant; and the original hash value. After the original hash value is put on chain, the authentication applicant has an authenticated identity on the block chain.
In this embodiment, the authentication applicant first sends the identity information to be authenticated to the certification authority, so that the certification authority generates an original authentication statement after the identity information to be authenticated passes verification, and then receives a complete authentication statement sent by the certification authority. The complete authentication statement comprises the certification authority's signature on the original authentication statement, made with a first private key of the identity information VeDID of the certification authority, and the authentication applicant's signature on the original authentication statement, made with a second private key of the identity information VeDID of the authentication applicant. It is formed by the certification authority applying a hash algorithm to the original authentication statement carrying both signatures to obtain an original hash value of that signed statement, and the original hash value is used for putting on chain.
The identity information to be authenticated of the authentication applicant is verified by the certification authority, and the original authentication statement is generated after verification passes. The certification authority and the authentication applicant each sign the authentication statement with the private key of their own identity information VeDID. The original hash value of the original authentication statement carrying both signatures is obtained and used for putting on chain, and the original hash value is attached to that signed statement to form the complete authentication statement, so that the authentication applicant has an authenticated identity on the block chain. Because the final complete authentication statement has the original hash value attached, the reliability of a complete authentication statement that the authentication applicant later presents can be judged. This provides technical support for a supervisory body or other organization using block chains to quickly verify the identity of a certain account or address on the block chain, and provides more possibilities for developers and business scenarios.
Referring to fig. 2, fig. 2 is a flowchart illustrating an identity authentication method based on a block chain according to a second embodiment of the present invention. The identity authentication method based on the block chain in the embodiment comprises the following steps:
S202: The authentication applicant sends the identity information to be authenticated to the certification authority, so that the certification authority generates an original authentication statement after the identity information to be authenticated passes verification.
S205: The authentication applicant receives a complete authentication statement sent by the certification authority. The complete authentication statement comprises the certification authority's signature on the original authentication statement, made with a first private key of the identity information VeDID of the certification authority, and the authentication applicant's signature on the original authentication statement, made with a second private key of the identity information VeDID of the authentication applicant. It is formed by the certification authority applying a hash algorithm to the original authentication statement carrying both signatures to obtain an original hash value of that signed statement, and the original hash value is used for putting on chain.
In this implementation scenario, steps S202 and S205 provided in this embodiment are substantially similar to steps S101 and S102 in the first embodiment of the identity authentication method based on a block chain provided in this application, and are not described herein again.
The difference between this embodiment and the first embodiment is that, before step S205, the identity authentication method based on a block chain in this embodiment further includes:
S203: The authentication applicant receives a first authentication statement sent by the certification authority, wherein the first authentication statement is formed by the certification authority signing the original authentication statement with a first private key of the identity information VeDID of the certification authority.
It can be understood that, after the certification authority has verified the identity information provided by the authentication applicant and generated the original authentication statement, the certification authority needs to sign the original authentication statement to prove that the identity of the authentication applicant has been certified by it. That is, the certification authority signs the original authentication statement with the first private key of its identity information VeDID. The original authentication statement then carries the certification authority's signature and forms the first authentication statement, which the certification authority sends to the authentication applicant. The authentication applicant then receives the first authentication statement sent by the certification authority.
S204: The authentication applicant signs the first authentication statement with a second private key of the identity information VeDID of the authentication applicant to form a second authentication statement, and sends the second authentication statement to the certification authority.
After receiving the first authentication statement sent by the certification authority, the authentication applicant also needs to sign it, to prove that it was the authentication applicant who applied for identity authentication and to confirm that the authentication information in the first authentication statement is correct. That is, the authentication applicant signs the first authentication statement with the second private key of its identity information VeDID. The first authentication statement then carries the authentication applicant's signature and forms the second authentication statement, which the authentication applicant sends to the certification authority. It is understood that the second authentication statement is the original authentication statement carrying both the certification authority's signature and the authentication applicant's signature. Then, in step S205, the certification authority applies a hash algorithm to the second authentication statement to obtain an original hash value of the second authentication statement, and attaches the original hash value to the second authentication statement to form the complete authentication statement.
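The signing and anchoring sequence of steps S203 to S205, followed by checks a relying party could run on a presented complete statement, as an added Go example that is not code from the patent or from its assignee. Ed25519, SHA-256, the JSON encoding, the in-memory ledger, the order of the verification checks and all type, field and function names are assumptions; the page specifies none of them.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// Claim models the original authentication statement. Ed25519, SHA-256, JSON
// encoding and every name below are assumptions; the page specifies none of them.
type Claim struct {
	Issuer  string            // VeDID of the certification authority
	Subject string            // VeDID of the authentication applicant
	Attrs   map[string]string // attributes the authority verified
}

// FullClaim models the complete authentication statement.
type FullClaim struct {
	Claim                      Claim
	AuthoritySig, ApplicantSig []byte
	Hash                       string // original hash value, hex-encoded
}

// Record is the contract information kept on chain: the hash and both VeDIDs.
type Record struct{ Hash, Issuer, Subject string }

// Ledger is an in-memory stand-in for the blockchain database, keyed by hash.
type Ledger map[string]Record

var (
	ErrVeDID   = errors.New("malformed VeDID")
	ErrHash    = errors.New("attached hash does not match statement")
	ErrAnchor  = errors.New("hash not on chain for these VeDIDs")
	ErrAuthSig = errors.New("authority signature invalid")
	ErrAppSig  = errors.New("applicant signature invalid")
)

func validVeDID(id string) bool { return strings.HasPrefix(id, "did:ved:") && len(id) > len("did:ved:") }

// encode returns deterministic bytes to sign or hash (json.Marshal sorts map keys).
func encode(c Claim, sigs ...[]byte) []byte {
	b, _ := json.Marshal([]interface{}{c, sigs}) // these types cannot fail to marshal
	return b
}

func digest(c Claim, sigs ...[]byte) string { return fmt.Sprintf("%x", sha256.Sum256(encode(c, sigs...))) }

// Issue runs S203 to S205 in one call; in the described flow each party signs with its own key.
func Issue(c Claim, authPriv, appPriv ed25519.PrivateKey, l Ledger) FullClaim {
	authSig := ed25519.Sign(authPriv, encode(c))        // S203: first statement
	appSig := ed25519.Sign(appPriv, encode(c, authSig)) // S204: second statement
	h := digest(c, authSig, appSig)                     // S205: original hash value
	l[h] = Record{h, c.Issuer, c.Subject}               // only hash and VeDIDs go on chain
	return FullClaim{c, authSig, appSig, h}
}

// Verify is a relying party's check; keys maps a VeDID to its published public key.
func Verify(fc FullClaim, l Ledger, keys map[string]ed25519.PublicKey) error {
	c := fc.Claim
	if !validVeDID(c.Issuer) || !validVeDID(c.Subject) {
		return ErrVeDID
	}
	if digest(c, fc.AuthoritySig, fc.ApplicantSig) != fc.Hash {
		return ErrHash
	}
	if rec, ok := l[fc.Hash]; !ok || rec.Issuer != c.Issuer || rec.Subject != c.Subject {
		return ErrAnchor
	}
	ak, sk := keys[c.Issuer], keys[c.Subject]
	if len(ak) != ed25519.PublicKeySize || !ed25519.Verify(ak, encode(c), fc.AuthoritySig) {
		return ErrAuthSig
	}
	if len(sk) != ed25519.PublicKeySize || !ed25519.Verify(sk, encode(c, fc.AuthoritySig), fc.ApplicantSig) {
		return ErrAppSig
	}
	return nil
}

// Demo verifies four statements built from constructed seeds, VeDIDs and attributes.
func Demo() (genuine, edited, wrongKey, unanchored error) {
	key := func(b byte) ed25519.PrivateKey { return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, 32)) }
	auth, alice, other := key(1), key(2), key(3)
	keys := map[string]ed25519.PublicKey{
		"did:ved:authority-01": auth.Public().(ed25519.PublicKey),
		"did:ved:alice":        alice.Public().(ed25519.PublicKey),
	}
	c := Claim{"did:ved:authority-01", "did:ved:alice", map[string]string{"kyc": "passed"}}
	l := Ledger{}
	fc := Issue(c, auth, alice, l)
	bad := fc // same signatures and hash, attributes edited after issuance
	bad.Claim.Attrs = map[string]string{"kyc": "passed", "tier": "institutional"}
	return Verify(fc, l, keys), Verify(bad, l, keys),
		Verify(Issue(c, auth, other, l), l, keys), Verify(fc, Ledger{}, keys)
}

func main() { fmt.Println(Demo()) }
```

The third case is the one the applicant's countersignature exists for: a statement naming one VeDID but countersigned with a key that is not published for it is rejected even though its hash is on chain.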
Further, before step S202, the identity authentication method based on a block chain in this embodiment further includes:
S201: The authentication mechanism side and the authentication application side respectively generate, through the server of the block chain, the identity information VeDID of the authentication mechanism side and the identity information VeDID of the authentication application side. The identity information VeDID of the authentication mechanism side has a first private key and a first public key, and the identity information VeDID of the authentication application side has a second private key and a second public key. The first private key and the second private key are used for signing a document; the first public key and the second public key are published in the description documents of the identity information VeDID of the certification authority side and of the certification application side respectively, and are used for verifying the identity and modifying the description documents.
In the present application, the identity information VeDID has a VeDID description file, which describes the attributes of the VeDID in JSON (JavaScript Object Notation) format. The description file of a VeDID may contain several attributes, such as "@context": the context, identifying the standard to which the file conforms; "id": the VeDID itself; "publickey": a group of public key definitions, where a person or an enterprise holding the private key corresponding to any one of these public keys has complete control over the VeDID and can use the private key for identity authentication, in which case the private key is used for signing a file and the corresponding public key is written in the description file of the VeDID; "recovery": a public key that is used, and only used, to allow a new public key to be added after the public key defined in publickey is lost, so as to restore control of the account; "attributes": this attribute allows the user to add other attributes for a particular application scenario.
Other attributes may include the following. "authentication": an optional attribute to which a group of public key definitions can be added; a holder of such a public key can use it to perform identity verification based on the VeDID but has no right to modify the VeDID description file, that is, the holder only has the right to use the VeDID. "delegate": an optional attribute to which a group of public key definitions can be added; a holder of such a public key is authorized to modify some attributes in the VeDID description file but cannot use the public key for identity verification, that is, the holder only has the right to modify the description file and not the right to use the VeDID. "information": an optional attribute that allows the user to add information the user wants to make public, such as personal information (phone number, email address, etc.) or company information (address, website, etc.), including a URL (Uniform Resource Locator) link or a JSON-LD (JavaScript Object Notation for Linked Data) description.
It can be understood that the certification authority party and the certification application party respectively generate the identity information VeDID of the certification authority party and the identity information VeDID of the certification application party through the server of the block chain, the identity information VeDID of the certification authority party has a first private key and a first public key, and the identity information VeDID of the certification application party has a second private key and a second public key. The first private key and the second private key are used for signing a document, the first public key and the second public key are respectively distributed in the description documents of the identity information VeDID of the certification authority side and the identity information VeDID of the certification application side, and the first public key and the second public key are used for verifying the identity and modifying the description documents.
Furthermore, at least one pair of a spare public key and a spare private key is also published in the description file of the identity information VeDID in the embodiment. The spare private key is used for signing the file. The spare public key is used for applying for a new first public key or a new second public key through a server of the block chain after the first public key or the second public key is lost; or the spare public key is used for verifying the identity and not for modifying the description file; or the spare public key is used for modifying the description file and not for verifying the identity. It can be understood that, when the user is an enterprise, if the public key defined in publickey is lost, the user can use the public key defined in recovery to apply, through the server of the block chain, for a new public key defined in publickey and so recover control of the account. When employee A needs to go out for bidding, employee A can hold the public key defined in authentication, so that employee A can perform identity verification based on the identity information VeDID and prove the authority to use the identity information VeDID, but employee A does not have the authority to modify the description file of the identity information VeDID. When employee B needs to modify the company website in the VeDID description file, employee B may hold the public key defined in delegate above to modify the VeDID description file, and employee B cannot use that public key for authentication.
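The key roles described above amount to a least-privilege check on every use of a VeDID. The following is an added example, not code from the patent: the document layout, the `authorize` helper, the placeholder key strings and the rule that a modify-only key may not edit key lists are assumptions, and the modify-only key list is named "delegate" here.

```python
# Attributes a modify-only ("delegate") key may not touch. Assumption of this
# example: if a delegate key could edit key lists, it could add itself to
# "publickey" and escalate from modify-only to full control.
PROTECTED = {"@context", "id", "publickey", "authentication", "delegate", "recovery"}

# Constructed description file; key values are placeholders, not real keys.
DOC = {
    "@context": "https://example.invalid/vedid/v1",
    "id": "vedid:example:enterprise-a",
    "publickey": ["pk-owner"],
    "authentication": ["pk-employee-a"],
    "delegate": ["pk-employee-b"],
    "recovery": "pk-recovery",
    "information": {"website": "https://old.example.invalid"},
}


def roles_of(doc, key):
    """Return the set of roles a presented public key holds in the description file."""
    roles = {name for name in ("publickey", "authentication", "delegate")
             if key in doc.get(name, [])}
    if key == doc.get("recovery"):
        roles.add("recovery")
    return roles


def authorize(doc, key, action, attribute=None):
    """Decide one request; action is 'authenticate' or 'modify' (of one attribute)."""
    roles = roles_of(doc, key)
    if action == "authenticate":
        # Full-control and authentication keys may prove identity;
        # delegate and recovery keys may not.
        return bool(roles & {"publickey", "authentication"})
    if action == "modify":
        if "publickey" in roles:
            return True  # complete control over the VeDID
        if "delegate" in roles and attribute not in PROTECTED:
            return True  # e.g. employee B updating the company website
        # The recovery key is used only to add a new key to "publickey".
        return "recovery" in roles and attribute == "publickey"
    return False
```
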
Further, after step S205, the identity authentication method based on the block chain in this embodiment further includes:
S206: Receiving an acquisition request about the identification information of the authentication applicant sent by the information requestor.
It can be understood that, in the blockchain, before actually carrying out a business transaction, the business parties should verify each other's identity to avoid transaction risk. Therefore, in order to verify the identity of the other party, the information requestor sends the other party a request for obtaining its identification information. Here the other party is the authentication applicant, that is, the authentication applicant receives the request for obtaining the identification information of the authentication applicant sent by the information requestor.
S207: Sending the identification information of the authentication applicant to the information requestor, so that the information requestor verifies, through the identification information of the authentication applicant, whether the identity of the authentication applicant meets the business requirements, wherein the identification information of the authentication applicant comprises the identity information VeDID of the authentication applicant and authentication applicant signature information signed by the authentication applicant by using a second private key.
After receiving an acquisition request about the identification information of the authentication applicant sent by the information requestor, in order to prove the identity of the authentication applicant, the authentication applicant needs to send the identification information to the information requestor, and the identification information of the authentication applicant comprises identification information VeDID of the authentication applicant and signature information of the authentication applicant signed by the authentication applicant by using a second private key. The information requestor can verify whether the identity of the authenticated applicant meets the business requirements by authenticating the identity information of the applicant.
Referring to fig. 3, fig. 3 is a schematic flowchart illustrating the step S207 in fig. 2. In one embodiment, step S207 includes:
S301: The information requestor verifies whether the authentication applicant is an authorized user of the identity information VeDID of the authentication applicant according to the identity information VeDID of the authentication applicant, the signature information of the authentication applicant and the public and private key encryption algorithm. If yes, go to step S302, otherwise go to step S306.
After the authentication applicant sends the identification information to the information requestor, the information requestor can verify whether the authentication applicant is an authorized user of the identification information VeDID of the authentication applicant according to the identification information VeDID of the authentication applicant, the signature information of the authentication applicant and the public-private key encryption algorithm. It can be understood that, if the authentication applicant who sends the identification information is found not to be the authorized user of the sent identification information VeDID, it indicates that the identity of the authentication applicant is in question, and the information requestor has a certain risk when conducting business with it, so the identity of the authentication applicant does not meet the business requirement. If the authentication application party sending the identification information is found to be the authorized user of the sent identification information VeDID, it needs to further judge whether the identity of the authentication application party meets the requirement of the service to be performed.
S302: the information requestor queries whether contract information containing identity information VeDID of the certification applicant exists in a database of the blockchain. If yes, step S303 is executed, and if not, step S306 is executed.
After the authentication applicant that sent the identification information is found to be an authorized user of the sent identity information VeDID, the information requestor needs to further determine whether the sent identification information is valid. It can be understood that, if the identification information sent by the authentication applicant has been revoked, or does not exist in the block chain at all, then the authentication applicant, although an authorized user of the sent identity information VeDID, has forged a piece of identification information. Therefore, the information requestor needs to query whether contract information containing the identity information VeDID of the authentication applicant exists in a database of the block chain. If the contract information does not exist, the identity of the authentication applicant is in question, the information requestor runs a certain risk when doing business with it, and the identity of the authentication applicant does not meet the business requirements. If the contract information exists, it needs to be further judged whether the identity of the authentication applicant meets the requirements of the service to be performed.
S303: the information requestor further judges whether the certification qualification of the certification authority side meets the business requirement according to the identity information VeDID of the certification authority side in the contract information. If yes, go to step S305, and if not, go to step S306.
S305: Verifying that the identity of the authentication applicant meets the service requirement.
S306: Verifying that the identity of the authentication applicant does not meet the service requirement.
Although it has been verified in steps S301 and S302 that the certification applicant sending the identification information is an authorized user of the sent identification information VeDID and contract information containing the identification information VeDID of the certification applicant actually exists in the database of the blockchain, it is still impossible to judge that the identity of the certification applicant meets the business requirements. For example, if the service to be executed is overseas service and the identification information provided by the certification application party is issued by a certain certification authority in China, it can be understood that the identity of the certification application party still does not meet the service requirement at this time. Therefore, the information requestor needs to further determine whether the certification qualification of the certification authority side meets the business requirement according to the identity information VeDID of the certification authority side in the contract information, if so, the identity of the certification applicant can be verified to meet the business requirement, and if not, the identity of the certification applicant does not meet the business requirement.
Further, in an embodiment, the identification information of the authenticating applicant further includes a complete authentication declaration of the authenticating applicant, and before step S305, step S207 further includes:
S304: The information requestor obtains a new hash value from the complete authentication statement of the authentication applicant through a hash algorithm, and judges whether the new hash value is the same as the original hash value in the contract information containing the identity information VeDID of the authentication applicant. If the two values are the same, step S305 is executed, and if the two values are different, step S306 is executed.
In some scenarios, the information requestor needs the authentication applicant to provide the complete authentication declaration, and after obtaining it the information requestor needs to determine whether the complete authentication declaration provided by the authentication applicant is true and valid. It can be understood that, when the information requestor obtains a new hash value from the complete authentication declaration of the authentication applicant through a hash algorithm and determines that the new hash value is the same as the original hash value in the contract information containing the identity information VeDID of the authentication applicant, this indicates that the complete authentication declaration provided by the authentication applicant is true, and the identity of the authentication applicant is verified as meeting the service requirement. When the new hash value is judged to be different from the original hash value in the contract information containing the identity information VeDID of the authentication applicant, the complete authentication declaration provided by the authentication applicant has been modified relative to the complete authentication declaration originally issued by the certification authority side and may therefore be false, so the identity of the authentication applicant is verified as not meeting the business requirement.
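Steps S302 to S304, together with the hash appended in S205, can be traced end to end in a few functions. This is an added example, not code from the patent: SHA-256, the canonical JSON encoding, the exclusion of the appended hash from the hashed bytes, the field names and the VeDID strings are all assumptions, the signatures are opaque placeholders, and the outcome of S301 is passed in as a flag.

```python
import hashlib
import json


def statement_hash(statement):
    """Hash the statement without its appended hash, over canonical JSON.

    Sorting keys and fixing separators makes issuer and verifier hash the same
    bytes even if the JSON was re-serialized in transit (assumed encoding).
    """
    body = {k: v for k, v in statement.items() if k != "hash"}
    canon = json.dumps(body, sort_keys=True, separators=(",", ":"), ensure_ascii=False)
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()


def complete_statement(second_statement):
    """S205: append the original hash to the doubly signed statement."""
    return {**second_statement, "hash": statement_hash(second_statement)}


def contract_info(complete):
    """What is stored on chain: the hash and both VeDIDs, not the statement itself."""
    return {"hash": complete["hash"], "authority": complete["authority"],
            "applicant": complete["applicant"], "status": "active"}


def verify_identity(ledger, vedid, signature_ok, accepted_authorities, complete=None):
    """Return (meets_requirements, step_that_decided) for one verification."""
    if not signature_ok:                                   # result of S301
        return False, "S301"
    entry = ledger.get(vedid)
    if entry is None or entry["status"] != "active":       # S302: absent or revoked
        return False, "S302"
    if entry["authority"] not in accepted_authorities:     # S303: issuer qualification
        return False, "S303"
    if complete is not None and statement_hash(complete) != entry["hash"]:
        return False, "S304"                               # statement was altered
    return True, "S305"


# Constructed sample data; identifiers and signatures are placeholders.
AUTHORITY = "vedid:example:authority-1"
APPLICANT = "vedid:example:enterprise-a"
SECOND = {
    "authority": AUTHORITY,
    "applicant": APPLICANT,
    "claims": {"name": "Enterprise A", "scope": "domestic trade"},
    "authority_signature": "sig-authority-placeholder",
    "applicant_signature": "sig-applicant-placeholder",
}
COMPLETE = complete_statement(SECOND)
LEDGER = {APPLICANT: contract_info(COMPLETE)}
```
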
Referring to fig. 4, fig. 4 is a schematic flowchart illustrating the step S301 in fig. 3. In one embodiment, step S301 includes:
S401: The information requestor obtains a second derivation public key according to the signature information of the authentication applicant and the public and private key encryption algorithm, and judges whether the second derivation public key is the same as a second public key corresponding to the second private key in the identity information VeDID of the authentication applicant. If the two are the same, step S402 is executed, and if the two are different, step S403 is executed.
S402: The certification applicant is an authorized user of the identity information VeDID of the certification applicant.
S403: The certification applicant is not an authorized user of the identity information VeDID of the certification applicant.
It can be understood that the identification information sent by the authentication applicant includes the identity information VeDID of the authentication applicant and the signature information of the authentication applicant, signed by the authentication applicant using the second private key. According to the principle that the private key is responsible for signing and the public key is responsible for verification, the information requestor can obtain a second derivation public key from the signature information of the authentication applicant and the public and private key encryption algorithm. Because the signature information of the authentication applicant was produced with the second private key, and the second private key and the second public key are a corresponding public and private key pair, when the second derivation public key is the same as the second public key corresponding to the second private key in the identity information VeDID of the authentication applicant, the provided signature information of the authentication applicant corresponds to the identity information VeDID of the authentication applicant, and the authentication applicant can be considered an authorized user of the provided identity information VeDID.
Referring to fig. 5, fig. 5 is a timing diagram illustrating an identity verification performed by an information requestor on an authentication applicant in an application scenario of the identity authentication method based on a block chain according to the present invention. In a specific application scenario, before a certain service is actually performed, the two service parties need to verify each other's identity so as to avoid transaction risk. To verify the identity of the other party, the authentication information requestor asks the user to provide authentication declaration information based on the VeDID; the user or enterprise acts as the authentication applicant at this point and informs the authentication information requestor of its VeDID. The information requestor then queries, according to the VeDID provided by the user, whether authentication information of the VeDID exists in the intelligent contract of the authentication declaration. If not, the identity of the user cannot be verified. If so, the information requestor further judges, according to the business requirements, whether the certification authority of the authentication declaration meets the qualification requirements; if it does, the identity of the user is verified as meeting the business requirements, and if not, the identity of the user is verified as not meeting the requirements.
In addition, when the authentication information requestor has a requirement for viewing the complete authentication declaration, the user can decrypt the complete authentication declaration of the identity of the user according to the requirement and then send the decrypted complete authentication declaration to the information requestor through a secure mode (such as HTTPS), or provide the complete authentication declaration of the identity of the user through a block chain authorization solution; and the information requestor queries in the block chain according to the acquired authentication statement file so as to verify the validity of the authentication statement file and the qualification of the certification authority issuing the authentication statement file, and the information requestor indicates that the identity verification of the user is completed under the condition of confirming that the authentication statement file and the qualification of the certification authority are correct.
Referring to fig. 6, fig. 6 is a flowchart illustrating an identity authentication method based on a block chain according to a third embodiment of the present invention. The identity authentication method based on the block chain in the embodiment comprises the following steps:
S601: The authentication application party sends the identity information to be authenticated to the authentication mechanism party, so that the authentication mechanism party generates an original authentication statement after the identity information to be authenticated passes the verification.
S602: Receiving a complete certification statement sent by the certification authority party, wherein the complete certification statement comprises a certification authority party signature made on the original certification statement with a first private key of the identity information VeDID of the certification authority party and a certification applicant signature made on the original certification statement with a second private key of the identity information VeDID of the certification applicant; the complete certification statement is formed by the certification authority party processing the original certification statement carrying the certification authority party signature and the certification applicant signature with a hash algorithm to obtain an original hash value of that signed statement and appending the original hash value to it; and the original hash value is used for uplink, that is, for recording on the block chain.
In this implementation scenario, steps S601 and S602 provided in this embodiment are substantially similar to steps S101 and S102 in the first embodiment of the identity authentication method based on a block chain provided in this application, and are not described here again.
The difference between this embodiment and the first embodiment is that after step S602, the identity authentication method based on a block chain in this embodiment further includes:
S603: Receiving a notice, sent by the authentication mechanism side, that the complete authentication declaration of the authentication applicant has been logged out by the server of the block chain; wherein the authentication mechanism side sends to the server of the block chain a first logout request for logging out the complete authentication statement of the authentication applicant, and the server of the block chain logs out the complete authentication statement of the authentication applicant after judging that the identity of the authentication mechanism side is correct; the first logout request comprises certification authority side signature information signed by the certification authority side by using a first private key; and the server of the block chain obtains a first derivation public key according to the signature information of the certification authority party and the encryption algorithm of the public and private keys, and judges that the identity of the certification authority party is correct by judging that the first derivation public key is the same as the first public key corresponding to the first private key in the identity information VeDID of the certification authority party in the contract information of the complete certification statement.
It can be understood that, when the certification authority needs to log out the complete certification statement it originally issued to the certification applicant, the certification authority sends to the server of the blockchain a first logout request for logging out the complete certification statement of the certification applicant, wherein the first logout request includes certification authority signature information signed by the certification authority using a first private key. The server of the block chain then obtains a first derivation public key according to the signature information of the certification authority party and the encryption algorithm of the public and private keys, and judges whether the first derivation public key is the same as the first public key corresponding to the first private key in the identity information VeDID of the certification authority party in the contract information of the complete certification statement. If they are the same, the identity of the certification authority party is confirmed, and the server of the block chain executes the first logout request and logs out the complete certification statement of the certification applicant. It will be appreciated that, since the logout request is initiated by the certification authority side, after a successful logout the certification authority side needs to inform the certification applicant that its complete certification statement has been logged out, so that the certification applicant does not continue to use a certification statement file that has been logged out and come to be considered fraudulent.
Of course, if it is determined that the first derived public key is different from the first public key corresponding to the first private key in the identity information VeDID of the certification authority side in the contract information of the complete certification declaration, the actual identity of the certification authority side that issued the first logout request cannot be confirmed at this time, and therefore, the server of the block chain does not logout the complete certification declaration of the certification applicant.
Referring to fig. 7, fig. 7 is a flowchart illustrating an identity authentication method based on a block chain according to a fourth embodiment of the present invention. The identity authentication method based on the block chain in the embodiment comprises the following steps:
S701: The authentication application party sends the identity information to be authenticated to the authentication mechanism party, so that the authentication mechanism party generates an original authentication statement after the identity information to be authenticated passes the verification.
S702: Receiving a complete certification statement sent by the certification authority party, wherein the complete certification statement comprises a certification authority party signature made on the original certification statement with a first private key of the identity information VeDID of the certification authority party and a certification applicant signature made on the original certification statement with a second private key of the identity information VeDID of the certification applicant; the complete certification statement is formed by the certification authority party processing the original certification statement carrying the certification authority party signature and the certification applicant signature with a hash algorithm to obtain an original hash value of that signed statement and appending the original hash value to it; and the original hash value is used for uplink, that is, for recording on the block chain.
In this implementation scenario, steps S701 and S702 provided in this embodiment are substantially similar to steps S101 and S102 in the first embodiment of the identity authentication method based on a block chain provided in this application, and are not described here again.
The difference between this embodiment and the first embodiment is that after step S702, the identity authentication method based on a block chain in this embodiment further includes:
S703: The authentication applicant sends a second logout request for logging out the complete authentication declaration of the authentication applicant to the server of the block chain, so that the server of the block chain logs out the complete authentication declaration of the authentication applicant after judging that the identity of the authentication applicant is correct; the server of the block chain obtains a second derivation public key according to the signature information of the authentication applicant and a public-private key encryption algorithm, and judges that the identity of the authentication applicant is correct by judging that the second derivation public key is the same as a second public key corresponding to a second private key in identity information VeDID of the authentication applicant in contract information of a complete authentication statement.
Different from the third embodiment, in the present embodiment the authentication applicant actively logs out its own complete authentication declaration. The authentication applicant sends to the server of the block chain a second logout request for logging out the complete authentication declaration of the authentication applicant, where the second logout request includes the authentication applicant signature information signed by the authentication applicant using the second private key. The server of the block chain then obtains a second derivation public key according to the signature information of the authentication applicant and the public-private key encryption algorithm, and judges whether the second derivation public key is the same as the second public key corresponding to the second private key in the identity information VeDID of the authentication applicant in the contract information of the complete authentication statement. If they are the same, the identity of the authentication applicant is confirmed, and the server of the block chain executes the second logout request and logs out the complete authentication statement of the authentication applicant. Of course, if it is determined that the second derivation public key is different from the second public key corresponding to the second private key in the identity information VeDID of the certification applicant in the contract information of the complete certification declaration, the actual identity of the party issuing the second logout request cannot be confirmed, and therefore the server of the block chain does not log out the complete certification declaration of the certification applicant, which prevents a user without logout authority from logging out the certification declaration.
It can be understood that, since the logout request is initiated by the certification applicant, the certification authority side still stores the complete certification statement file of the certification applicant after a successful logout. The certification authority side therefore monitors the state of the complete certification statements that carry its signature information and, on finding that such a complete certification statement has been logged out, logs out the copy of that complete certification statement stored at the certification authority side.
Referring to fig. 8, fig. 8 is a timing diagram illustrating a logout of an authentication applicant from an authentication identity of the authentication applicant in an application scenario of the identity authentication method based on a block chain according to the present invention. In a specific application scenario, the service scope of the enterprise a changes, so that the complete authentication declaration authenticated before needs to be revoked, at this time, the enterprise a may send a revocation request to the blockchain by itself or through an agency, the blockchain may verify the identity of the enterprise a through identity information VeDID provided by the enterprise a in the revocation request, after the identity of the enterprise a is confirmed to be correct, the complete authentication declaration of the identity specified by the enterprise a in the revocation request may be revoked, and the authentication declaration state in the authentication declaration intelligent contract is marked as a revoked state. And the third-party certification authority monitors the identity certification statement issued by the third-party certification authority, and if the third-party certification authority finds that a certain user actively logs off the identity certification information, the third-party certification authority should execute an internal process to log off the identity certification information of the user stored in the certification authority.
Referring to fig. 9, fig. 9 is a flowchart illustrating a fifth embodiment of an identity authentication method based on a block chain according to the present invention. The identity authentication method based on the block chain in the embodiment comprises the following steps:
S901: The certification authority receives the identity information to be authenticated sent by the certification applicant, and generates an original certification statement after the identity information to be authenticated passes verification.
S902: Send a complete certification statement to the certification applicant. The complete certification statement comprises the certification authority's signature over the original certification statement, made with the first private key of the certification authority's identity information VeDID, and the certification applicant's signature over the original certification statement, made with the second private key of the certification applicant's identity information VeDID. The certification authority forms the complete certification statement by applying a hash algorithm to the original certification statement bearing both signatures to obtain its original hash value, and attaching that original hash value to the original certification statement bearing both signatures.
S903: Store contract information of the complete certification statement in a database of the blockchain, where the contract information comprises the original hash value, the identity information VeDID of the certification authority and the identity information VeDID of the certification applicant.
In this embodiment, the certification authority receives the identity information to be authenticated sent by the certification applicant and generates an original certification statement after that information passes verification. It then sends a complete certification statement to the certification applicant. The complete certification statement comprises the certification authority's signature over the original certification statement, made with the first private key of the certification authority's identity information VeDID, and the certification applicant's signature over the original certification statement, made with the second private key of the certification applicant's identity information VeDID; the certification authority forms it by applying a hash algorithm to the original certification statement bearing both signatures to obtain an original hash value and attaching that original hash value to the original certification statement bearing both signatures. Finally, contract information of the complete certification statement is stored in a database of the blockchain, the contract information comprising the original hash value, the identity information VeDID of the certification authority and the identity information VeDID of the certification applicant.
The certification authority audits the identity information to be authenticated of the certification applicant and generates an original certification statement once the audit is passed. The certification authority and the certification applicant each sign the certification statement with the private key of their own identity information VeDID; the original hash value of the original certification statement bearing both signatures is obtained and attached to it to form the complete certification statement; and the contract information of the complete certification statement, comprising the original hash value and the identity information VeDID of both parties, is stored in a database of the blockchain. The certification applicant thereby has an authenticated identity on the blockchain. Because the final complete certification statement carries the original hash value, the reliability of a complete certification statement can be judged when the certification applicant later presents it. This provides technical support for a supervisory agency or other organizations using the blockchain to quickly verify the identity of a certain account or address on the blockchain, and opens up more possibilities for developers and business scenarios.
Referring to fig. 10, fig. 10 is a flowchart illustrating a block chain-based identity authentication method according to a sixth embodiment of the present invention. The identity authentication method based on the block chain in the embodiment comprises the following steps:
S1002: The certification authority receives the identity information to be authenticated sent by the certification applicant, and generates an original certification statement after the identity information to be authenticated passes verification.
S1005: Send a complete certification statement to the certification applicant. The complete certification statement comprises the certification authority's signature over the original certification statement, made with the first private key of the certification authority's identity information VeDID, and the certification applicant's signature over the original certification statement, made with the second private key of the certification applicant's identity information VeDID. The certification authority forms the complete certification statement by applying a hash algorithm to the original certification statement bearing both signatures to obtain its original hash value, and attaching that original hash value to the original certification statement bearing both signatures.
S1006: Store contract information of the complete certification statement in a database of the blockchain, where the contract information comprises the original hash value, the identity information VeDID of the certification authority and the identity information VeDID of the certification applicant.
In this implementation scenario, steps S1002, S1005, and S1006 provided in this embodiment are substantially similar to steps S901 to S903 in the fifth embodiment of the identity authentication method based on a block chain provided in this application, and are not described here again.
The difference between this embodiment and the fifth embodiment is that, before step S1005, the identity authentication method based on a blockchain in this embodiment further includes:
S1003: Sign the original certification statement with the first private key of the certification authority's identity information VeDID to form a first certification statement, and send the first certification statement to the certification applicant.
S1004: Receive a second certification statement sent by the certification applicant, where the second certification statement is formed by the certification applicant signing the first certification statement with the second private key of the certification applicant's identity information VeDID.
It can be understood that, after the certification authority has verified the identity information to be authenticated provided by the certification applicant and generated the original certification statement, the certification authority needs to sign the original certification statement to prove that the identity of the certification applicant has been certified by the certification authority. That is, the certification authority signs the original certification statement with the first private key of its identity information VeDID to form a first certification statement, and sends the first certification statement to the certification applicant. Similarly, the certification applicant also needs to sign the first certification statement, to prove that the first certification statement is the identity authentication it applied for and to confirm that the authentication information in the first certification statement is correct. After the certification applicant signs the first certification statement with the second private key of its identity information VeDID to form a second certification statement and sends it to the certification authority, the certification authority receives the second certification statement sent by the certification applicant.
Further, before step S1002, the identity authentication method based on a block chain in this embodiment further includes:
S1001: The certification authority and the certification applicant each generate, through the server of the blockchain, the identity information VeDID of the certification authority and the identity information VeDID of the certification applicant. The identity information VeDID of the certification authority has a first private key and a first public key, and the identity information VeDID of the certification applicant has a second private key and a second public key. The first private key and the second private key are used for signing a document; the first public key and the second public key are published in the description files of the identity information VeDID of the certification authority and of the certification applicant respectively, and are used for verifying identity and modifying the description files.
Furthermore, at least one pair of a spare public key and a spare private key is also published in the description file of the identity information VeDID in the embodiment; the spare private key is used for signing the file; the spare public key is used for applying for a new first public key or a new second public key through a server of the block chain after the first public key or the second public key is lost, or the spare public key is used for verifying the identity and not used for modifying the description file, or the spare public key is used for modifying the description file and not used for verifying the identity.
The specific contents in this embodiment may refer to the related contents in the second embodiment of the identity authentication method based on the block chain.
Referring to fig. 11, fig. 11 is a timing diagram of a certification authority authenticating the identity of a certification applicant in an application scenario of the identity authentication method based on a block chain according to the present invention. In an application scenario, a user or an enterprise needs to have an authenticated identity in a blockchain. First, the user or the enterprise registers and generates its own VeDID on the blockchain, by itself or through an agency; the user or the enterprise (hereinafter collectively referred to as the applicant) then submits the information that needs authentication to a third-party certification authority. The third-party certification authority verifies the submitted information, generates a certification statement according to the submitted material, and signs the certification statement with its own VeDID private key. The third-party certification authority returns the signed certification statement to the applicant, and the applicant, after confirming that the information in the statement is correct, signs the statement with its own VeDID private key to indicate its approval of the content provided by the third-party certification authority. The third-party certification authority stores the hash value of the certification statement returned by the applicant on the blockchain, attaches the storage information to the certification statement returned by the applicant to form a complete certification statement (the attached information does not need to be signed again), returns the complete certification statement to the applicant, and at the same time keeps a copy of the complete certification statement. After receiving the complete certification statement, the applicant can keep it itself, or encrypt it and entrust it to a third party or a storage-type blockchain for safekeeping.
Thus, the identity of the user or business is authenticated successfully, and the user or business has an authenticated identity in the blockchain.
Referring to fig. 12, fig. 12 is a flowchart illustrating a method for identity authentication based on a blockchain according to a seventh embodiment of the present invention. The identity authentication method based on the block chain in the embodiment comprises the following steps:
S1201: The certification authority receives the identity information to be authenticated sent by the certification applicant, and generates an original certification statement after the identity information to be authenticated passes verification.
S1202: Send a complete certification statement to the certification applicant. The complete certification statement comprises the certification authority's signature over the original certification statement, made with the first private key of the certification authority's identity information VeDID, and the certification applicant's signature over the original certification statement, made with the second private key of the certification applicant's identity information VeDID. The certification authority forms the complete certification statement by applying a hash algorithm to the original certification statement bearing both signatures to obtain its original hash value, and attaching that original hash value to the original certification statement bearing both signatures.
S1203: Store contract information of the complete certification statement in a database of the blockchain, where the contract information comprises the original hash value, the identity information VeDID of the certification authority and the identity information VeDID of the certification applicant.
In this implementation scenario, steps S1201 to S1203 in this embodiment are substantially similar to steps S901 to S903 in the fifth embodiment of the identity authentication method based on a block chain provided in this application, and are not described here again.
The difference between the present embodiment and the fifth embodiment is that after step S1203, the identity authentication method based on a block chain in the present embodiment further includes:
S1204: Send a first logout request for logging out the complete certification statement of the certification applicant to a server of the blockchain, where the first logout request comprises certification authority signature information signed by the certification authority with the first private key.
S1205: after the server of the block chain judges that the identity of the certification authority party is correct and cancels the complete certification statement of the certification authority party, the server of the block chain informs the certification authority party of the information that the complete certification statement of the certification authority party is cancelled, wherein the server of the block chain obtains a first derivation public key according to the signature information of the certification authority party and a public-private key encryption algorithm, and judges that the identity of the certification authority party is correct by judging that the first derivation public key is the same as a first public key corresponding to a first private key in the identity information VeDID of the certification authority party in the contract information of the complete certification statement.
In this embodiment, when the certification authority needs to log out the complete certification statement of the certification applicant, the certification authority sends a first logout request for logging out that complete certification statement to a server of the blockchain, where the first logout request comprises certification authority signature information signed by the certification authority with the first private key. The server of the blockchain then obtains a first derived public key from the certification authority signature information and the public-private key encryption algorithm, and judges whether the first derived public key is the same as the first public key corresponding to the first private key in the identity information VeDID of the certification authority recorded in the contract information of the complete certification statement. If they are the same, the identity of the certification authority is confirmed to be correct, and the server of the blockchain executes the first logout request and logs out the complete certification statement of the certification applicant. If the first derived public key differs from the first public key corresponding to the first private key in the identity information VeDID of the certification authority in the contract information of the complete certification statement, the actual identity of the party that issued the first logout request cannot be confirmed, and the server of the blockchain therefore does not log out the complete certification statement of the certification applicant.
It will be appreciated that, because the certification authority initiates the logout request, after the logout succeeds the certification authority needs to notify the certification applicant that the applicant's complete certification statement has been logged out, so that the certification applicant does not continue to use a certification statement file that has been logged out.
Referring to fig. 13, fig. 13 is a timing diagram of a certification authority logging out the authenticated identity of a certification applicant in an application scenario of the identity authentication method based on a block chain according to the present invention. In a specific application scenario, a third-party certification authority needs to log out the identity certification information of a certain user. The third-party certification authority can send a logout request directly to the blockchain. The blockchain verifies the identity of the third-party certification authority through the identity information VeDID that the authority provides in the logout request; after the identity of the third-party certification authority is confirmed to be correct, the complete certification statement specified by the third-party certification authority in the logout request is logged out, and the certification statement state in the certification statement smart contract is marked as logged out. After confirming that the logout succeeded, the third-party certification authority needs to notify the corresponding user that the user's certification statement has been logged out, so as to prevent the user from continuing to use the logged-out certification statement file.
Referring to fig. 14, fig. 14 is a flowchart illustrating an eighth embodiment of an identity authentication method based on a block chain according to the present invention. The identity authentication method based on the block chain in the embodiment comprises the following steps:
S1401: The certification authority receives the identity information to be authenticated sent by the certification applicant, and generates an original certification statement after the identity information to be authenticated passes verification.
S1402: Send a complete certification statement to the certification applicant. The complete certification statement comprises the certification authority's signature over the original certification statement, made with the first private key of the certification authority's identity information VeDID, and the certification applicant's signature over the original certification statement, made with the second private key of the certification applicant's identity information VeDID. The certification authority forms the complete certification statement by applying a hash algorithm to the original certification statement bearing both signatures to obtain its original hash value, and attaching that original hash value to the original certification statement bearing both signatures.
S1403: Store contract information of the complete certification statement in a database of the blockchain, where the contract information comprises the original hash value, the identity information VeDID of the certification authority and the identity information VeDID of the certification applicant.
In this implementation scenario, steps S1401 to S1403 provided in this embodiment are substantially similar to steps S901 to S903 in the fifth embodiment of the identity authentication method based on a block chain provided in this application, and are not described herein again.
The present embodiment is different from the fifth embodiment in that after step S1403, the identity authentication method based on a block chain in the present embodiment further includes:
S1404: Monitor the state of the complete certification statement having the signature information of the certification authority, and after finding that the complete certification statement having the signature information of the certification authority has been revoked, revoke the complete certification statement stored at the certification authority.
It can be understood that, when the certification applying party actively logs off the complete certification declaration of itself, the certification authority party needs to monitor the state of the complete certification declaration having the signature information of the certification authority party, and logs off the complete certification declaration stored in the certification authority party after finding that the complete certification declaration having the signature information of the certification authority party is logged off.
Referring to fig. 15, fig. 15 is a schematic structural diagram of an identity authentication device based on a block chain according to an embodiment of the present invention. The identity authentication device 150 in the present application comprises a memory 1500 and a processor 1502 coupled to each other; the memory 1500 stores program data; the processor 1502 is configured to execute the program data to implement any of the above-described identity authentication methods based on blockchains.
For details of the embodiment of the identity authentication apparatus 150 of the present application, please refer to the detailed description in the embodiment of the identity authentication method based on the block chain.
Referring to fig. 16, fig. 16 is a schematic structural diagram of a memory device according to an embodiment of the present invention. The storage device 160 in the present application stores program data 1600 capable of being executed by a processor, and the program data 1600 is used for implementing the identity authentication method based on the blockchain as described above. The storage device 160 may be a storage chip in an electronic device, an SD card, or other readable and writable storage means, and may also be an electronic device.
In the embodiments provided in the present application, it should be understood that the disclosed identity authentication method, identity authentication apparatus and storage device based on blockchain may be implemented in other ways. For example, the above-described device architecture implementations are merely illustrative, and for example, a division of a module or a unit is merely a logical division, and an actual implementation may have another division, for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, devices or units, and may be in an electrical, mechanical or other form.
Units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The above description is only an embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes performed by the present specification and drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (18)

1. An identity authentication method based on a block chain, the method comprising:
the authentication application party sends the identity information to be authenticated to the authentication mechanism party so that the authentication mechanism party generates an original authentication statement after passing the verification of the identity information to be authenticated;
receiving a complete certification statement sent by the certification authority side, wherein the complete certification statement comprises a certification authority side signature made over the original certification statement with a first private key of identity information VeDID of the certification authority side, and a certification applicant signature made over the original certification statement with a second private key of identity information VeDID of the certification applicant, wherein the complete certification statement is formed by the certification authority side applying a hash algorithm to the original certification statement with the certification authority side signature and the certification applicant signature to obtain an original hash value of the original certification statement with the certification authority side signature and the certification applicant signature, and attaching the original hash value to the original certification statement with the certification authority side signature and the certification applicant signature, the original hash value being used for recording on the blockchain.
2. The method according to claim 1, comprising, before receiving the complete certification statement sent by the certification authority side:
receiving a first certification statement sent by the certification authority side, wherein the first certification statement is formed by signing the original certification statement by the certification authority side by using a first private key of identity information VeDID of the certification authority side;
and signing the first authentication statement by using a second private key of identity information VeDID of the authentication applicant to form a second authentication statement, and sending the second authentication statement to the authentication authority.
3. The method according to claim 1, wherein before the step of sending the identity information to be authenticated to the certification authority side by the certification applicant side so that the certification authority side generates the original certification statement after the identity information to be authenticated is approved, the method comprises:
the certification authority party and the certification application party respectively generate identity information VeDID of the certification authority party and identity information VeDID of the certification application party through the server of the block chain, wherein the identity information VeDID of the certification authority party has the first private key and the first public key, and the identity information VeDID of the certification application party has the second private key and the second public key; the first private key and the second private key are used for signing a document, the first public key and the second public key are respectively published in a description document of identity information VeDID of the certification authority side and identity information VeDID of the certification applicant side, and the first public key and the second public key are used for verifying identity and modifying the description document.
4. The method of claim 3, wherein at least one pair of an alternate public key and an alternate private key is also published in the description file; the spare private key is used for signing the file; the spare public key is used for applying for a new first public key or a new second public key through a server of the block chain after the first public key or the second public key is lost, or the spare public key is used for verifying identity and is not used for modifying the description file, or the spare public key is used for modifying the description file and is not used for verifying identity.
5. The method of claim 1, wherein after the step of receiving the complete certification statement sent by the certification authority, the method further comprises:
receiving an acquisition request about the identity information of the authentication applicant sent by an information requestor;
and sending the identification information of the authentication applicant to the information requestor so that the information requestor verifies whether the identity of the authentication applicant meets the service requirement through the identification information of the authentication applicant, wherein the identification information of the authentication applicant comprises the identification information VeDID of the authentication applicant and the signature information of the authentication applicant signed by the authentication applicant by using the second private key.
6. The method of claim 5, wherein the step of enabling the information requestor to verify whether the identity of the authentication applicant meets the service requirement through the identification information of the authentication applicant comprises:
the information requestor verifies whether the authentication applicant is an authorized user of the identity information VeDID of the authentication applicant according to the identity information VeDID of the authentication applicant, the signature information of the authentication applicant and a public and private key encryption algorithm;
if yes, the information requestor queries whether contract information containing identity information VeDID of the authentication applicant exists in a database of the block chain;
if yes, the information requestor further judges whether the authentication qualification of the authentication organization side meets the service requirement according to identity information VeDID of the authentication organization side in the contract information;
if yes, verifying that the identity of the authentication application party meets the service requirement;
if not, verifying that the identity of the authentication applicant does not meet the service requirement;
and if not, verifying that the identity of the authentication application party does not meet the service requirement.
7. The method as claimed in claim 6, wherein the step of the information requestor verifying whether the authentication applicant is an authorized user of the identity information VeDID of the authentication applicant according to the identity information VeDID of the authentication applicant, the signature information of the authentication applicant and the public-private key encryption algorithm comprises:
the information requestor obtains a second derivation public key according to the signature information of the authentication applicant and a public and private key encryption algorithm, and judges whether the second derivation public key is the same as a second public key corresponding to the second private key in identity information VeDID of the authentication applicant;
if they are the same, the authentication applicant is an authorized user of the identity information VeDID of the authentication applicant;
if not, the authentication applicant is not an authorized user of the identity information VeDID of the authentication applicant.
8. The method of claim 6, wherein the identification information of the authentication applicant further comprises the complete authentication statement of the authentication applicant;
before the step of verifying that the identity of the authentication applicant meets the service requirement, the method further comprises:
the information requestor obtains a new hash value from the complete authentication statement of the authentication applicant through a hash algorithm, and judges whether the new hash value is the same as an original hash value in the contract information containing the identity information VeDID of the authentication applicant;
if they are the same, verifying that the identity of the authentication application party meets the service requirement;
if not, verifying that the identity of the authentication application party does not meet the service requirement.
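The requestor-side checks of claims 6 to 8, as an added Python example that is not part of the patent: the public key is derived from the applicant's signature and compared with the published one, the contract information is looked up, the authority is checked against an accepted set, and the statement hash is recomputed. Assumptions not found in the claims: secp256k1 with SHA-256, a signature carried as (r, s, parity), a requestor-chosen challenge as the signed message, `vedid:...` identifiers, an in-memory list standing in for the blockchain database, and all function names.

```python
import hashlib, hmac, json

# Assumption: secp256k1 and SHA-256; the claims name no curve or hash function.
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):  # affine point addition; None is the point at infinity
    if a is None or b is None:
        return a or b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    m = (3 * a[0] * a[0] * pow(2 * a[1], -1, P) if a == b
         else (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P))
    x = (m * m - a[0] - b[0]) % P
    return x, (m * (a[0] - x) - a[1]) % P

def mul(k, pt):  # double-and-add scalar multiplication
    acc = None
    while k:
        acc, pt, k = (add(acc, pt) if k & 1 else acc), add(pt, pt), k >> 1
    return acc

def sign(priv, msg):
    # Nonce from HMAC so the example is repeatable; production code uses RFC 6979.
    k = int.from_bytes(hmac.digest(priv.to_bytes(32, "big"), msg, "sha256"), "big") % N
    z = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    R = mul(k, G)
    r = R[0] % N
    return r, pow(k, -1, N) * (z + r * priv) % N, R[1] & 1  # (r, s, parity of R.y)

def recover(msg, sig):  # the "derivation public key" of claim 7
    r, s, parity = sig
    y = pow(r**3 + 7, (P + 1) // 4, P)  # candidate square root (P % 4 == 3)
    if not (0 < r < N and 0 < s < N) or (y * y - r**3 - 7) % P:
        return None  # out of range, or r is not the x-coordinate of a curve point
    R = (r, y if (y & 1) == parity else P - y)
    u, z = pow(r, -1, N), int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return add(mul(s * u % N, R), mul(-z * u % N, G))  # Q = r^-1 (sR - zG)

def statement_hash(complete):  # hash over the statement and both signatures
    body = {k: v for k, v in complete.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def issue(original, auth_did, auth_priv, appl_did, appl_priv, chain):
    first = sign(auth_priv, original.encode())  # authority signs the original statement
    second = sign(appl_priv, (original + repr(first)).encode())  # applicant countersigns
    complete = {"statement": original, "authority_sig": first, "applicant_sig": second}
    complete["hash"] = statement_hash(complete)
    chain.append({"hash": complete["hash"], "authority": auth_did, "applicant": appl_did})
    return complete

def verify(did, challenge, sig, complete, did_docs, chain, accepted):
    pub = did_docs.get(did)
    if pub is None or recover(challenge, sig) != pub:  # claim 7: derived vs published key
        return "not an authorized user"
    records = [c for c in chain if c["applicant"] == did]  # claim 6: contract lookup
    if not records:
        return "no contract information"
    qualified = [c for c in records if c["authority"] in accepted]
    if not qualified:
        return "authority not qualified"
    new_hash = statement_hash(complete)  # claim 8: recompute and compare
    if not any(hmac.compare_digest(new_hash, c["hash"]) for c in qualified):
        return "statement hash mismatch"
    return "ok"

def sample():  # constructed keys, identifiers and statement, for illustration only
    a, b = "vedid:authority", "vedid:applicant"
    keys = {a: 0xA11CE, b: 0xB0B}
    docs, chain = {did: mul(k, G) for did, k in keys.items()}, []
    complete = issue("holder is over 18", a, keys[a], b, keys[b], chain)
    return keys, docs, chain, complete
```

Because the key is derived from the signature and the signed message together, a signature replayed against a different challenge yields a different key and fails the first check.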
9. The method of claim 1, wherein after the step of receiving the complete certification statement sent by the certification authority, the method further comprises:
receiving a notification sent by the certification authority party that the complete certification statement of the certification applicant is revoked by a server of the blockchain; wherein a first logout request for logging out the complete authentication statement of the authentication applicant is sent to the server of the block chain by the certification authority party, and the complete authentication statement of the authentication applicant is logged out by the server of the block chain after the server of the block chain judges that the identity of the certification authority party is correct; the first logout request comprises certification authority side signature information signed by the certification authority party by using the first private key; and the server of the block chain obtains a first derivation public key according to the signature information of the certification authority party and a public-private key encryption algorithm, and judges that the identity of the certification authority party is correct by judging that the first derivation public key is the same as a first public key corresponding to the first private key in identity information VeDID of the certification authority party in contract information of the complete certification statement.
10. The method of claim 1, wherein after the step of receiving the complete certification statement sent by the certification authority, the method further comprises:
the authentication applicant sends a second logout request for logging out the complete authentication declaration of the authentication applicant to the server of the block chain, so that the server of the block chain logs out the complete authentication declaration of the authentication applicant after judging that the identity of the authentication applicant is correct; the second logout request comprises the signature information of the authentication applicant signed by the second private key, the server of the block chain obtains a second derivation public key according to the signature information of the authentication applicant and a public-private key encryption algorithm, and judges that the identity of the authentication applicant is correct by judging that the second derivation public key is the same as a second public key corresponding to the second private key in the identity information VeDID of the authentication applicant in the contract information of the complete authentication statement.
11. An identity authentication method based on a block chain, the method comprising:
the authentication mechanism side receives the identity information to be authenticated sent by the authentication application side, and generates an original authentication statement after the identity information to be authenticated passes the verification;
sending a complete certification statement to the certification applicant, wherein the complete certification statement comprises a certification authority side signature of the original certification authority side signed by a first private key of identity information VeDID of the certification authority side and a certification applicant side signature of the original certification authority side signed by a second private key of identity information VeDID of the certification applicant, and the complete certification statement is formed by the certification authority side encrypting the original certification authority side signature and the certification applicant side signature by a hash algorithm to obtain an original hash value of the original certification authority side signature and the certification applicant side signature, and attaching the original hash value to the original certification authority side signature and the certification applicant side signature;
and storing contract information of the complete authentication statement into a database of the block chain, wherein the contract information comprises the original hash value, identity information VeDID of the authentication mechanism side and identity information VeDID of the authentication application side.
12. The method of claim 11, wherein before the step of sending the complete authentication statement to the authentication applicant, the method comprises:
signing the original authentication statement by using a first private key of identity information VeDID of the authentication mechanism party to form a first authentication statement, and sending the first authentication statement to the authentication applicant;
and receiving a second authentication statement sent by the authentication applicant, wherein the second authentication statement is formed by the authentication applicant signing the first authentication statement by using a second private key of identity information VeDID of the authentication applicant.
13. The method according to claim 11, wherein before the step of receiving, by the certification authority, the identity information to be certified sent by the certification applicant and generating the original certification statement after the identity information to be certified is approved, the method comprises:
the certification authority party and the certification application party respectively generate identity information VeDID of the certification authority party and identity information VeDID of the certification application party through the server of the block chain, wherein the identity information VeDID of the certification authority party has the first private key and the first public key, and the identity information VeDID of the certification application party has the second private key and the second public key; the first private key and the second private key are used for signing a document, the first public key and the second public key are respectively published in a description document of identity information VeDID of the certification authority side and identity information VeDID of the certification applicant side, and the first public key and the second public key are used for verifying identity and modifying the description document.
14. The method of claim 13, wherein at least one pair of a spare public key and a spare private key is published in the description document; the spare private key is used for signing a document; the spare public key is used for applying for a new first public key or a new second public key through a server of the block chain after the first public key or the second public key is lost, or the spare public key is used for verifying identity and is not used for modifying the description document, or the spare public key is used for modifying the description document and is not used for verifying identity.
15. The method of claim 11, wherein after the step of storing contract information for the complete authentication assertion in a database of the blockchain, the method further comprises:
sending a first logout request for logging out the complete authentication statement of the authentication applicant to a server of the block chain, wherein the first logout request comprises authentication mechanism side signature information signed by the authentication mechanism side by using the first private key;
after the server of the block chain judges that the identity of the certification authority party is correct and cancels the complete certification statement of the certification authority party, the server of the block chain informs the certification authority party of the message that the complete certification statement of the certification authority party is cancelled, wherein the server of the block chain obtains a first derivation public key according to the signature information of the certification authority party and a public-private key encryption algorithm, and judges that the identity of the certification authority party is correct by judging that the first derivation public key is the same as a first public key corresponding to a first private key in identity information VeDID of the certification authority party in contract information of the complete certification statement.
16. The method of claim 11, wherein after the step of storing contract information for the complete authentication assertion in a database of the blockchain, the method further comprises:
monitoring the state of the complete certification statement with the signature information of the certification authority side, and logging off the complete certification statement stored in the certification authority side after finding that the complete certification statement with the signature information of the certification authority side is logged off.
17. An identity authentication device based on a blockchain, which is characterized by comprising a memory and a processor which are coupled with each other;
the memory stores program data; the processor is configured to execute the program data stored in the memory to implement the method of any one of claims 1 to 10 or the method of any one of claims 11 to 16.
18. A storage device, characterized in that program data are stored which can be executed by a processor for carrying out the method of any one of claims 1 to 10 or the method of any one of claims 11 to 16.
CN201910828248.XA 2019-09-03 2019-09-03 Identity authentication method, equipment and storage device based on blockchain Active CN112446701B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910828248.XA CN112446701B (en) 2019-09-03 2019-09-03 Identity authentication method, equipment and storage device based on blockchain

Publications (2)

Publication Number Publication Date
CN112446701A (en) 2021-03-05
CN112446701B (en) 2024-04-05

Family

ID=74734013

Country Status (1)

Country Link
CN (1) CN112446701B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant